
keycloak redirect to external service and continuous flow


I want to use my external page for validation and authentication then go back to keycloak flow. Is it possible to do so?

For example.

After login, I want the user to do face recognition, which is my service on an external URL.

Can I redirect to that URL and redirect back to keycloak?

I don't want to re-implement face recognition on Keycloak templates.


Could someone guide me on how to solve this?


Solution

  • After a day of trying.

    I have written an SPI to redirect to the external service; the service should then redirect back to Keycloak with a few parameters.

    Like this:

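    // Needs java.net.URI, javax.ws.rs.core.Response and javax.ws.rs.core.UriBuilder
    // (jakarta.ws.rs.core on newer Keycloak releases),
    // org.keycloak.authentication.AuthenticationFlowContext and
    // org.keycloak.services.managers.ClientSessionCode.

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        // Values the external service has to send back so Keycloak can resume this exact flow.
        String accessCode = new ClientSessionCode<>(context.getSession(), context.getRealm(), context.getAuthenticationSession()).getOrGenerateCode();
        String clientId = context.getAuthenticationSession().getClient().getClientId();
        String tabId = context.getAuthenticationSession().getTabId();
        String execution = context.getExecution().getId();
        String realm = context.getRealm().getName();

        // UriBuilder percent-encodes each query value, which plain string concatenation does not.
        URI location = UriBuilder.fromUri("http://myservice/validation/")
                .queryParam("realm", realm)
                .queryParam("session_code", accessCode)
                .queryParam("tab_id", tabId)
                .queryParam("client_id", clientId)
                .queryParam("execution", execution)
                .build();
        LOG.debugf("Redirecting to %s", location);
        // Send the browser to the external service and pause the flow until it calls back.
        context.forceChallenge(Response.seeOther(location).build());
    }

    @Override
    public void action(AuthenticationFlowContext context) {
        // The external service redirects the browser back to:
        // "http://localhost:8080/auth/realms/"+realm+"/login-actions/authenticate?session_code="+accessCode+"&tab_id="+tabId+"&client_id="+clientId+"&execution="+execution
        // TODO allow or not? As written, any request that reaches this callback completes the step;
        // the external service's result still has to be checked here before calling success().
        context.success();
    }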
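The answer leaves open how `action()` decides whether to allow the login. The following is an added example, not code from the answer or from Keycloak: one way to make that decision is to have the external service sign its result and verify the signature in `action()` before calling `context.success()`. It assumes a secret shared between Keycloak and the external service; the class name, the signed fields and the sample values are hypothetical.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;

/** Hypothetical helper: checks a result that the external service signed with a shared secret. */
public class ExternalResultVerifier {
    private final byte[] secret;

    public ExternalResultVerifier(byte[] secret) { this.secret = secret.clone(); }

    /** HMAC-SHA256 over the fields that bind the result to one user and one login attempt. */
    public String sign(String username, String tabId, String execution, long expiresAt) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        String payload = String.join("\n", username, tabId, execution, Long.toString(expiresAt));
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(mac.doFinal(payload.getBytes(StandardCharsets.UTF_8)));
    }

    /** True only if the signature matches the values of this session and has not expired. */
    public boolean verify(String username, String tabId, String execution,
                          long expiresAt, String signature) throws Exception {
        if (signature == null || Instant.now().getEpochSecond() > expiresAt) return false;
        byte[] expected = sign(username, tabId, execution, expiresAt).getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison avoids leaking how many leading bytes matched.
        return MessageDigest.isEqual(expected, signature.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; in action() the user, tab id and execution come from the
        // authentication session, and expiresAt/signature from the callback's request parameters.
        ExternalResultVerifier v =
                new ExternalResultVerifier("demo-shared-secret".getBytes(StandardCharsets.UTF_8));
        long exp = Instant.now().getEpochSecond() + 60;
        String sig = v.sign("alice", "tab-1", "exec-1", exp);
        System.out.println(v.verify("alice", "tab-1", "exec-1", exp, sig)); // same login attempt
        System.out.println(v.verify("alice", "tab-2", "exec-1", exp, sig)); // reused in another tab
        System.out.println(v.verify("bob", "tab-1", "exec-1", exp, sig));   // reused for another user
    }
}
```

In `action()`, the values passed to `verify` for the user, tab id and execution should be read from the `AuthenticationFlowContext` rather than from the request, so a signature issued for one attempt cannot complete another.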